U.S. to Take More-aggressive Stance Towards China Over Cyberattacks: Report

In a report from the AP, citing sources close to the plans, the U.S. will start taking more-aggressive steps against China in the wake of mounting evidence that says the PLA has been conducting systemic cyberattacks against government data and corporate secrets.

The AP report comes hours after the White House said they were aware of a Mandiant report, which tied a secret Chinese military unit in Shanghai several years worth of attacks against scores of U.S. businesses. Calling the unit APT1, Mandiant says the unit has taken hundreds of terabytes of data from at least 141 organizations across many industries going as far back as 2006.

As noted in an earlier report by SecurityWeek - historically, Mandiant has said there was no way to determine the extent of China’s involvement in many attacks, but the firm now says it has enough evidence to confidently say that “the groups conducting these activities are based primarily in China and that the Chinese Government is aware of them.”

Mandiant said that it was able to confirm 937 command and control servers running on 849 distinct IP addresses and has confirmed 2,551 domain names attributed to APT1 in the last several years. Their report also says that APT1 is the 2nd Bureau of the People’s Liberation Army (PLA) General staff Department’s (GSD) 3rd Department, commonly known by its Military unit Cover Designator (MUCD) as Unit 61398.

“The United States has substantial and growing concerns about the threats to U.S. economic and national security posed by cyber intrusions, including the theft of commercial information,” White House press secretary Jay Carney said during a briefing Tuesday.

“I can tell you that we have repeatedly raised our concerns at the highest levels about cyber theft with senior Chinese officials, including in the military, and we will continue to do so. This is a very important challenge...The United States and China are among the world’s largest cyber actors, and it is vital that we continue a sustained, meaningful dialogue and work together to develop an understanding of acceptable behavior in cyberspace,” Carney later commented.

According to the AP, the White House is considering fines and other trade actions against China for their alleged actions, though the AP’s story didn’t get into details.

In the meantime, China has disputed the Mandiant report, as well as all other claims of cyberattacks, and the White House would not comment on any of the AP’s reporting.

On Wednesday, China's defense ministry rebuffed Mandiant’s report linking its People's Liberation Army to hacking attacks against US organizations, saying there was no internationally agreed definition of hacking. China Defense ministry spokesman Geng Yansheng said in a statement that Mandiant's report had "no factual basis" and insisted there was no consensus on what qualified as hacking.

Steve Ragan is a security reporter and contributor for SecurityWeek. Prior to joining the journalism world in 2005, he spent 15 years as a freelance IT contractor focused on endpoint security and security training.